TU Darmstadt / ULB / TUbiblio

Evaluating Detection Error Trade-offs for Bytewise Approximate Matching Algorithms

Breitinger, Frank ; Stivaktakis, Georgios ; Roussev, Vassil :
Evaluating Detection Error Trade-offs for Bytewise Approximate Matching Algorithms.
In: 5th International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
[Artikel] , (2013)

Kurzbeschreibung (Abstract)

Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similar representations. Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages, and have been evaluated in a somewhat ad-hoc manner. Recently, the FRASH testing framework has been proposed as a vehi- cle for developing a set of standardized tests for approximate matching algorithms; the aim is to provide a useful guide for understanding and comparing the absolute and relative performance of different algorithms. The contribution of this work is twofold: a) expand FRASH with auto- mated tests for quantifying approximate matching algorithm behavior with respect to precision and recall; and b) present a case study of two algorithms already in use–sdhash and ssdeep.

Typ des Eintrags: Artikel
Erschienen: 2013
Autor(en): Breitinger, Frank ; Stivaktakis, Georgios ; Roussev, Vassil
Titel: Evaluating Detection Error Trade-offs for Bytewise Approximate Matching Algorithms
Sprache: ["languages_typename_1" not defined]
Kurzbeschreibung (Abstract):

Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similar representations. Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages, and have been evaluated in a somewhat ad-hoc manner. Recently, the FRASH testing framework has been proposed as a vehi- cle for developing a set of standardized tests for approximate matching algorithms; the aim is to provide a useful guide for understanding and comparing the absolute and relative performance of different algorithms. The contribution of this work is twofold: a) expand FRASH with auto- mated tests for quantifying approximate matching algorithm behavior with respect to precision and recall; and b) present a case study of two algorithms already in use–sdhash and ssdeep.

Titel der Zeitschrift, Zeitung oder Schriftenreihe: 5th International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
Freie Schlagworte: Secure Data
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Veranstaltungsort: Moscow
Hinterlegungsdatum: 30 Dez 2016 20:23
ID-Nummer: TUD-CS-2013-0297
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen